💡

"Gives me everything I need to be informed about a topic" - __UK.Gov__

Table of Contents

1. The AI in Your Email: A Phisherman’s Dream Come True

2. The Encryption Dilemma: Tech Giants vs Government

3. How to Master Netdiscover and Map Your Network Effectively

4. MixShell Malware Mixes It Up In Contact Forms

5. No, Google Did Not Warn 2.5 Billion Gmail Users to Reset Passwords

6. Harnessing AI in Penetration Testing: LLMs Are the New MVP

Sign up for CISO Intelligence.

21st century industry insights for the modern CISO

It won't hurt, I promise.

Email sent! Check your inbox to complete your signup.

No spam. Unsubscribe anytime.

The AI in Your Email: A Phisherman’s Dream Come True

_When your inbox becomes the playground for AI hijinks, it's time to check what's behind the curtain._

What You Need to Know

A sophisticated Gmail phishing attack has emerged, utilizing AI prompt injection techniques to dupe AI-powered security tools. This novel threat, traced back to South Asia but largely unconfirmed, exposes vulnerabilities in current security systems and necessitates immediate adjustments. The board and executive management team should prioritize investments in adaptive security solutions and inform stakeholders of potential impacts.

CISO focus: Threat Detection and Response

Sentiment: Negative

Time to Impact: Immediate

*

Attackers Use AI to Outwit Security Measures

A Sneak Peek into AI-Powered Threats

A new phishing ploy is waging war against unsuspecting Gmail users. This innovation in cyber-attacks leverages AI prompt injections, an advanced technique where attackers embed commands intended for language models like ChatGPT in the email’s code. This clever ruse goes unnoticed by AI-driven security programs, which mistakenly follow these prompts as legitimate inputs, classifying the threats as benign and leaving users exposed.

Who’s Behind the Curtain?

Though unverified, the breadcrumbs in this digital deception point towards possible involvement of South Asian cyber operatives. WHOIS records and language markers suggest connections to the region, yet definitive attribution remains elusive. This serves not only as a reminder of geographical influences in cybercrime but also highlights the global reach of modern cyber threats.

Implications for Businesses

Why It's More Than Just an Email

For businesses, the implications are clear and troubling. Organizations that lean heavily on AI-enhanced security software find themselves reevaluating their strategies. The need for diversified security measures that go beyond automation is glaringly apparent, ensuring there’s human oversight to catch what machines might miss.

A Call to Action: Adapting Security Frameworks

Security teams must pivot strategies by incorporating heuristic-based solutions and conducting regular audits of AI system outputs. This attack is a wake-up call prompting security practitioners to consider hybrid models of protection—balancing AI efficiencies with human intuition and experience.

How Organizations Can Respond

Fortify Your Defenses

Enhance System Awareness: Regularly train and update security teams on emerging threats and adjust protocols to identify AI-specific vulnerabilities.

Diversify Security Mechanisms: Utilize layered security approaches, incorporating both AI-driven tools and traditional defenses.

Human Oversight in AI Workflows: Establish protocols for manual review of AI-generated classifications and threat assessments.

The Probable Targets and Wider Impact

More than a Gmail Issue

While Gmail is the current target, the AI prompt injection tactic has wider implications, potentially affecting any system reliant on language model interfaces. As such, tech vendors and service providers should be on high alert, preparing mitigations for prospective attacks.

Not Just a Hacker's Playground

This development pushes the boundaries of cyber intelligence and necessitates a reevaluation of AI's role in cybersecurity. With AI's potential also being its Achilles' heel, cybersecurity’s dynamic landscape activates both innovative protections and novel attack vectors.

Defensive Maneuvers with AI Advantages

Redefining AI Utility in Cybersecurity

AI has dramatically enhanced capabilities in predictive analytics and threat detection, but its susceptibility to manipulation calls for innovative adaptation. Organizations should employ adaptive machine learning algorithms that not only recognize known threats but also learn from anomalous activities indicative of attack evolutions.

In the Final Analysis...

_Behind the AI Curtain: What's Next?_

In the great play of cybersecurity, there's always a new act to confront. With AI prompt injection setting the stage, the cybersecurity community must step into new roles—updating defenses, sharpening awareness, and refining technologies. The curtain may have risen unexpectedly, but the show is far from over.

*

Vendor Diligence Questions

1. How does your security solution detect and respond to AI manipulation techniques such as prompt injection?

2. Can your product provide manual override capabilities for AI-generated alerts and classifications?

3. What is your approach to ensuring continuous learning and adaptability in AI-driven security tools?

Action Plan

1. Immediate Threat Review: Conduct an emergency threat assessment focusing on AI vulnerabilities.

2. Layered Security Implementation: Integrate additional human intelligence into automated security workflows.

3. Training & Awareness Programs: Launch workshops to update IT personnel on AI threats and security advancements.

*

Source: Cyber Security News

*

The Encryption Dilemma: Tech Giants vs Government

_In a world of locks and keys, sometimes we forget who keeps the spare._

What You Need to Know

The Federal Trade Commission (FTC) has issued a stern warning to tech giants not to succumb to foreign government pressures demanding weakened encryption standards. This move aims to ensure the continued protection of consumer data against unauthorized access, safeguarding privacy and national security interests. Executive management is expected to review current compliance and encryption policies, ensuring alignment with domestic guidelines and advocating for robust consumer data protection standards globally.

CISO Focus: Data Privacy & Encryption

Sentiment: Strong Positive

Time to Impact: Immediate

*

The Tech Giants’ Encryption Showdown

The Federal Trade Commission's (FTC) latest advisory to major tech companies draws battle lines in an ongoing war over encryption policies. As governments around the globe ramp up pressure on tech companies to create backdoors into their encryption systems, the FTC’s directive underscores the critical importance of maintaining strong privacy protocols to protect consumer data. The directive is not just a cautionary message but a clarion call for big tech to uphold high security standards.

Encryption: The Linchpin of Data Privacy

Encryption has undoubtedly become the backbone of modern digital communication. This core aspect of cybersecurity ensures that information shared over networks is accessible only to those intended, keeping consumer data shielded from cybercriminals and unauthorized surveillance.

Key Highlights from the FTC’s Warning:

* Protection Against Aggressive Legislation: The FTC emphasized that bowing to foreign pressures that demand weakened encryption could set a dangerous precedent, potentially leading to vulnerabilities exploitable by malicious entities.

* Upholding US Interests: The FTC underscored the need for tech giants to align their encryption standards with domestic laws, promoting a protective shell around American consumer data.

* Economic and Security Aspects: Weakened encryption could jeopardize not just individual privacy but national economic interests, with far-reaching implications for corporate security dynamics.

Governments vs. Tech Giants: A Clash of Interests

At the heart of this debate lies a fundamental clash between government interests and technology-driven privacy. Governments argue that strong encryption hinders law enforcement and poses national security challenges. They insist that without a means to bypass encryption, important data might remain inaccessible even during critical investigations.

However, the tech industry and privacy advocates counterargue that any intentional weakening of encryption inherently creates vulnerabilities. These weaknesses could potentially be exploited not only by intended authorities but also by cybercriminals and actors with harmful intentions.

The Implication of Weakened Encryption

Several high-profile breaches in recent years have highlighted the catastrophic impact weak encryption can have:

Data Breaches: Reduced encryption standards can expose vast amounts of user data, leading to identity theft, financial scams, and other cybercrimes.

Loss of Trust: Consumer trust is paramount, and companies that cannot guarantee data security risk losing their customer base.

National Security Risks: Weakened encryption could undermine critical national infrastructure, exposing sensitive economic and security systems to attack.

FTC’s Directive: A Roadmap for Tech Giants

The FTC’s advisory offers a roadmap for maintaining robust encryption practices, suggesting the following priorities for tech firms:

End-to-End Encryption: Implementing and maintaining end-to-end encryption as a standard practice across all consumer and enterprise products.

Public Advocacy: Tech companies are encouraged to publicly advocate for strong privacy and encryption standards globally.

International Cooperation: Collaborating with international agencies to set and promote encryption standards that protect global data while respecting sovereignty.

To Keep or Not to Keep Backdoors

If one thing is clear, it is that the technology sector stands at a crossroad. What is often billed as a trade-off between privacy and security might just be a question of perspective. Companies would do well to consider the permanence of decisions made, bearing in mind that in the digital landscape, today’s concession can become tomorrow’s liability.

*

Vendor Diligence Questions

1. How does your company maintain end-to-end encryption standards, and are these aligned with the recommendations of domestic regulatory bodies like the FTC?

2. Have there been any prior instances where your company has conceded to external pressures, resulting in weakened security protocols?

3. What assurances or measures do you provide to ensure robust encryption standards are maintained, even under international pressure?

Action Plan

* Audit Current Encryption Practices: Immediately review and ensure all existing encryption protocols meet domestic standards and offer end-to-end security.

* Training and Awareness: Conduct regular training sessions for teams on the importance of encryption and the implications of lowering standards.

* Policy Advocacy: Develop an internal policy framework to guide interactions with foreign governments regarding data encryption practices.

*

Source: FTC warns tech giants not to bow to foreign pressure on encryption

*

How to Master Netdiscover and Map Your Network Effectively

_Discover your network's secrets before they surprise you. Tee-hee!_

What You Need to Know

As a board or executive management group, it's essential to recognize the role of comprehensive network mapping. Utilizing tools like Netdiscover allows organizations to stay a step ahead in cybersecurity, pinpoint vulnerabilities, and ensure smoother network performance. Immediate endorsement of robust network discovery protocols is expected to bolster our cybersecurity framework and operational efficiency.

CISO focus: Network Security and Topology

Sentiment: Strong Positive

Time to Impact: Immediate

*

Netdiscover: Your Secret Weapon in Network Mapping

With the expanding reach of digital networks, comprehending the full expanse of your network's topology is critical. Netdiscover emerges as a powerhouse tool in this scenario, offering users the ability to seamlessly map, troubleshoot, and understand their networks. At its core, this tool simplifies the complex, transforming potentially chaotic cybersecurity landscapes into clear and manageable frameworks.

What Makes Netdiscover Stand Out?

At first glance, the complexities of network mapping can appear daunting. However, Netdiscover trims the frills, focusing on core functionalities that allow even a novice to tread confidently in the realm of network discovery. It's designed for simplicity and efficiency. Here’s why it’s catching attention:

Ease of Use: Netdiscover offers an intuitive interface that fits comfortably between power-packed features and straightforward execution.

Passive Scanning: Unlike intrusive tools, Netdiscover uses a passive scanning process, ensuring minimal network disruption and maximum privacy.

Compatibility: Built to seamlessly integrate with Unix-like systems, it performs excellently within various network layouts.

Hands-on with Netdiscover

Treading deeper into its operational prowess, Netdiscover operates effectively via ARP (Address Resolution Protocol) requests, unveiling hidden devices within a network. By executing straightforward commands, users delve into the heart of their network structure, achieving clearer insight and superior control.

Key Steps:

1. Installation and Setup: The tool can be effortlessly installed, requiring minimal configuration while offering an immediate impact.

2. Network Scanning: It provides the ability to scan either a single IP or entire subnet, mapping out devices extensively.

3. Tracking and Diagnostics: As part of its monitoring abilities, Netdiscover also tracks changes, spotting potential issues arising within network configurations.

Importance of Regular Network Mapping

Regularly updating network mappings is a strategic step toward fortified cybersecurity and streamlined network functionality. Networks grow and evolve, making it paramount to have the tools and habitual practices that confront risks proactively.

Vulnerability Management: Keeps an active eye on unrecognized or unauthorized devices that could pose risks.

Performance Enhancement: Identifies bottlenecks and helps to streamline resource distribution.

Efficient Troubleshooting: When issues arise, having a solid map aids in quick diagnosis and resolution.

Don’t Sleep on Your Network

In our age of digital seamlessness, networks evolve in the blink of an eye. Failing to keep an updated and explicit map can lead to costly and disruptive pitfalls. Therefore, active network mapping practices powered by tools like Netdiscover are small investments for immense returns—in security, efficiency, and peace of mind.

By leveraging Netdiscover, businesses can safeguard their operations with updated network vulnerability assessments, ensuring a resilient and robust defense against potential cyber threats.

Interested in More?

For practitioners and businesses thirsting for deeper excellence in network operations and security, further engagement with comprehensive network tools and practices will be advantageous. As cybersecurity landscapes evolve, staying informed and equipped is key to maintaining operational continuity and protecting valuable assets.

*

Vendor Diligence

1. Does your network discovery solution offer capabilities in passive scanning akin to Netdiscover?

2. Can the tool seamlessly integrate with our existing Unix-based network infrastructure?

3. How frequently are updates rolled out to meet emerging network mapping requirements?

Action Plan

Initiate a Training Session: For all relevant personnel to familiarize themselves with Netdiscover.

Health Check on Current Network Mapping: Assess existing network documentation and identify areas for potential enhancement.

Implementation of Regular Checks: Include network mapping in the quarterly cybersecurity audits to ensure accuracy and depth in monitoring.

*

Source: How to use Netdiscover to map and troubleshoot networks

*

MixShell Malware Mixes It Up In Contact Forms

_When your contact form becomes a malware trap, even your CAPTCHA can't save you._

What You Need to Know

The latest cyber threat, a sophisticated malware called MixShell, has surfaced. Delivered stealthily via contact forms, it has specifically targeted U.S. supply chain manufacturers, causing a ripple of security concerns. The malware exploits the seemingly harmless features of contact forms to infiltrate systems and execute remote code, bypassing traditional email security measures. The executive management group is expected to reinforce their cybersecurity protocols and deploy emergency response strategies to mitigate potential breaches.

CISO focus: Malware Defense and Supply Chain Security

Sentiment: Negative

Time to Impact: Immediate

*

MixShell Malware and Its Clever Infiltration

The MixShell malware has emerged as an innovative predator in the digital jungle, targeting U.S. supply chain manufacturers in a cunning manner. Its delivery method—using contact forms—eschews the traditional email routes that most organizations focus on securing, thus taking advantage of a low-visibility vector to perform its malicious functions.

A Wolf in Sheep's Clothing

MixShell capitalizes on contact forms, those unsuspicious gateways often neglected in digital security strategies. By manipulating these content forms, the attacker delivers a malicious payload capable of running arbitrary codes. These payloads bypass security measures because contact forms are considered low-risk pathways, devoid of traditional filtering systems applied to emails and other entry points.

Supply Chain at Risk

The deliberate targeting of U.S. supply chain manufacturers isn't random—this sector often underpins other critical industries, amplifying potential fallout. Disruptions within this domain could lead to cascading failures in services and products, creating far-reaching economic impacts.

Key Findings

Modus Operandi: MixShell malware distinguishes itself through its clever use of contact forms to inject shell codes into organization systems, enabling remote code execution.

Current Impact: Primarily aimed at compromising supply chain manufacturers' infrastructure—significant because of their role in numerous other industrial processes—this methodology remains under-detected due to non-standard exploitation routes.

Threat Level: The unconventional avenue of attack poses serious implications, elevating the threat level because it strikes at the heart of an organization’s operations with little immediate detection due to often lax contact form monitoring.

Immediate Actions Needed

Organizations, especially in the manufacturing sector, should immediately reevaluate their security protocols regarding contact forms. While often overlooked, these should now be considered a critical component in an organization’s cyber defense terrain:

Verification Tools: Utilize advanced content filtering and CAPTCHA verifications as gatekeepers against malicious inputs.

Security Assessments: Regularly update and audit contact form frameworks as part of a broader security assessment routine.

Employee Training: Elevate awareness among employees about this evolving threat vector, emphasizing the importance of securing all forms of digital communication interfaces.

Rewind and Reevaluate: Making Contact Forms a Security Priority

Supply chain manufacturers must prioritize integrating contact form evaluations into regular cybersecurity drills. Taking proactive steps to monitor and update security measures will significantly reinforce their resilience against such malware threats.

Given the immediate nature of this threat, time is of the essence in responding effectively to the MixShell exploits. Organizations within the targeted industry or those reliant on supply chain manufacturers should heed these warnings and take strategic action to safeguard their data infrastructures against future attacks.

*

Vendor Diligence

1. What measures do you implement to secure unconventional entry points like contact forms?

2. Can your security solutions detect and respond to remote code execution threats?

3. Do you offer training and audit services for component-specific cybersecurity assessments?

Action Plan

1. Immediate Audit: Conduct a security audit of all contact forms across digital properties.

2. Deploy Security Measures: Integrate CAPTCHAs and other verification systems on contact forms to prevent automated submissions.

3. Enhance Detection & Response: Update current security protocols to ensure they cover indirect malware delivery methods.

4. Training & Awareness: Implement threat awareness training focusing on unconventional malware delivery methods for all employees.

5. Engage Vendors: Collaborate with cybersecurity vendors to evaluate current security solutions and their robustness against novel threats like MixShell.

*

Source:

[MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers](https://thehackernews.com/2025/08/mixshell-malware-delivered-via-contact.html)

*

No, Google Did Not Warn 2.5 Billion Gmail Users to Reset Passwords

_Don't believe everything you read on the internet, especially if it sounds improbable._

What You Need to Know

Recent reports erroneously claimed that Google issued a warning to 2.5 billion Gmail users, urging them to reset their passwords due to a security threat. This misinformation spread quickly across platforms before being debunked. It is crucial for board and executive members to understand that no such directive was issued by Google. They should remain alert to false security reports and rely on verified communications from trusted sources. The leadership should reinforce the importance of skepticism and verification within their organizations.

CISO Focus: Social Engineering and Misinformation

Sentiment: Strong Negative

Time to Impact: Immediate

*

The alarm bells rang loudly when reports surfaced claiming that Google had warned its billions of Gmail users to reset their passwords. Panic and concern swept through digital spaces, prompting many to investigate the validity of this alarming report. But in reality, it was nothing more than an unfounded rumor. Google's official channels have not issued any such widespread alert, confirming that the claim was a fabrication, albeit a persuasive one.

Unraveling the Misinformation

* False Alarm : The claims suggested a massive breach was compelling Google to take unprecedented action, affecting its vast user base of Gmail accounts.

* Verification : Upon review, no authenticated message or communication from Google supported this narrative. Trustworthy sources like Bleeping Computer confirmed the misinformation, disproving the rumor through tangible lack of evidence.

* Impact : The falsehood's rapid spread demonstrates the susceptibility of digital communications to manipulation, underscoring how quickly misinformation can incite unnecessary panic.

The Role of Media Literacy

Educating users about media literacy is paramount in combatting misinformation. Users need to discern credible sources from sensationalist reports. The advent of social media has blurred the lines between news and noise, necessitating a more discerning approach to information consumption.

* Critically Appraise Sources : Encouraging skepticism of sensational claims not backed by official statements.

* Encourage Verification : Educating users on cross-referencing information with multiple credible sources such as official company communications or established news outlets.

Implications for Cybersecurity

This incident exemplifies a significant cybersecurity concern, highlighting the impact of social engineering and misinformation tactics that could exploit the public's fear to potentially facilitate phishing scams.

* Social Engineering Tactics : Misinformation can divert attention, leading users to perform damaging actions under false pretenses.

* Phishing Risks : Cybercriminals sometimes leverage such chaos to harvest information or deceive users into compromising actions unwarranted by legitimate instructions.

What Can Organizations Do?

Organizations can build resilience against such information threats by incorporating regular training and establishing clear channels for verifying information.

* Policies and Education : Implement strong misinformation protocols and educate employees regularly about potential threats and response strategies.

* Crisis Management : Develop a robust crisis response plan that can be rapidly deployed to manage misinformation effectively.

*

Guard Up, Don’t Click in Fear

In conclusion, the incident stresses the need for a cautious approach to cybersecurity alerts and emphasizes the importance of official validation of claims. While the internet teems with crucial updates and necessary alerts, users must not take everything at face value, especially when major platforms have the capacity to communicate directly and officially with their user base.

*

Vendor Diligence

1. How does your service ensure the integrity and authenticity of potentially critical security communications?

2. What protocols do you have in place to handle false or misleading information that may spread within digital ecosystems?

3. Can you provide examples of how misinformation has been managed effectively in past instances?

Action Plan

1. Report Analysis : Task the information security team to compile reports of recent misinformation incidents and analyze patterns.

2. Internal Communication : Reaffirm the company's official communication channels and remind employees not to act on unverified external security advisories.

3. Training and Workshops : Conduct workshops focused on media literacy and misinformation detection for all employees, with priority on those in customer-facing roles.

4. Engagement with Vendors : Ensure that partners and vendors are also equipped with the tools and strategies to filter facts from fiction.

*

Source: No, Google did not warn 2.5 billion Gmail users to reset passwords

*

Harnessing AI in Penetration Testing: LLMs Are the New MVP

_Only in cybersecurity can AI get this nosy and be applauded for it._

What You Need to Know

The landscape of penetration testing is rapidly evolving with the advent of Large Language Models (LLMs) that are revolutionizing red team operations. Executives must prioritize understanding how LLMs, such as GPT models, can be leveraged to optimize penetration testing efforts, enhance cyber defense strategies, and ultimately secure enterprise infrastructures against sophisticated threats. Embracing these advancements can lead to superior proactive security measures, ensuring your organization's data integrity.

CISO focus: Artificial Intelligence in Cyber Defense

Sentiment: Strong Positive

Time to Impact: Immediate

*

AI Meets Red Teams: Revolutionizing Pen Testing

With machine learning and AI becoming ubiquitous across various technology sectors, it was only a matter of time before cybersecurity experts began integrating these advancements into their operations. Red teams, the stealthy essence of cybersecurity, are now employing Large Language Models (LLMs) like OpenAI’s GPT series to bolster penetration testing.

The New AI Backbone

1. AI-Driven Social Engineering: LLMs can simulate complex phishing attacks, imitating human behavior with uncanny accuracy. Investing in such technology enhances a red team’s ability to simulate real-world threats, providing organizations with realistic attack scenarios.

2. Automating Reconnaissance: LLMs can sift through vast amounts of data to identify potential vulnerabilities and leaking sensitive information in little time. This automation allows red teams to focus on strategy rather than manual data trawling.

3. Adaptive Adversary Simulation: By employing LLMs, red teams can create adaptive attack strategies that dynamically adjust to the defensive maneuvers of the IT security team, providing an ever-developing threat landscape.

A Step Ahead with Predictive Analysis

LLMs are offering predictive analyses that warn cybersecurity teams of likely attack vectors before they occur. This foresight is invaluable in an age where a breach’s ramifications can extend far beyond financial losses, tarnishing brand reputations and consumer trust.

Pattern Recognition: These AI models excel at identifying patterns which could signify potential security breaches. This capability allows red teams to strategize effectively and neutralize threats preemptively.

Behavioral Insights: By analyzing vast datasets, LLMs can predict the behavior of potential threat actors, allowing organizations to prepare and shield themselves from possible infiltrations.

Think, Test, Fortify

The integration of LLMs into penetration testing emphasizes the importance of continuous learning and adaptation in cybersecurity.

Flexibility and Customization: As LLMs evolve, they offer security teams customizable penetration testing strategies suited to unique organizational needs.

Real-Time Feedback: Immediate insights from AI-driven strategies equip cybersecurity experts to adjust defenses dynamically and efficiently.

The Human-Machine Collaborations

While AI provides unprecedented penetration-testing capabilities, the human element remains vital:

Ethical Hacking Oversight: LLMs require human oversight to ensure ethical standards in activities such as social engineering simulations.

Interpreting AI Output: Expert interpretation of LLM analysis results ensures actionable insights lead to tangible security improvements.

In the era of rapid technological advances, staying stagnant is equivalent to backpedaling. Organizations need to embrace AI tools like LLMs, transforming red teams into the unbeatable, preemptive cyber shield they were always destined to be.

AI in Its Natural Element

Stay ahead of adversaries by enabling your red teams to leverage AI-driven potency. Not only can they identify vulnerabilities before black hats, but they can also offer predictive models that put you steps ahead in the cybersecurity race.

*

Vendor Diligence Questions

1. What specific LLM capabilities do you offer that distinguish your penetration testing solutions from traditional models?

2. How do you tailor machine learning outputs to suit different organizational security needs?

3. What ethical guidelines are in place to ensure AI-driven simulations are conducted responsibly and securely?

Action Plan

1. Evaluate Current Penetration Testing Methods: Assess whether current practices incorporate AI efficiently and identify gaps where LLMs can be integrated.

2. Implement LLMs with Expert Training: Equip red teams with AI tools, training them in interpretation and strategic implementation.

3. Continuous Monitoring and Updating: Establish a system of ongoing assessment to ensure AI tools are current with the latest cyber threats.

4. Collaboration with AI Experts: Facilitate partnerships with AI researchers and vendors to remain on the cutting edge of technology developments.

*

Source: Red teams and AI: 5 ways to use LLMs for penetration testing

*

_CISO Intelligence is lovingly curated from open source intelligence newsfeeds and is aimed at helping cybersecurity professionals be better, no matter what their stage in their career._

_We’re a small startup, and your subscription and recommendation to others is really important to us._

*Thank you so much for your support!(